personal key

General discussion about the development of the open source Blender

Moderators: jesterKing, stiv

jesterKing
Site Admin
Posts: 207
Joined: Fri Oct 18, 2002 12:48 pm
Location: Finland

Post by jesterKing » Fri Apr 23, 2004 1:28 pm

dreamkatana wrote:Could u propose this idea in the Testing Builds forum?
not as a new topic.

/jesterKing

jm
Posts: 0
Joined: Mon Aug 25, 2003 11:31 am
Contact:

Post by jm » Fri Apr 23, 2004 4:56 pm

Or I could just remove Blender's ability to load runtimes.
hmmm maybe this is one of the first solution.
But here is constantly problem with old Blender releases.
Everithing is crackable but better then leave way fully open.

any other solution ?
jm

joeedh
Posts: 31
Joined: Wed Oct 16, 2002 10:30 pm
Contact:

Post by joeedh » Fri Apr 23, 2004 11:22 pm

dreamkatana wrote:
alien-xmp wrote:Or I could just remove Blender's ability to load runtimes. :?
Hey Alien, that would be a great and easy solution. Nice Idea and we will not need personals keys anymore.

Could u propose this idea in the Testing Builds forum?



Thanks.
Um. . .would that be useful? Anyway who wanted to could simply download one the many, many older builds of Blender.

joeedh

dreamkatana
Posts: 0
Joined: Sat Feb 07, 2004 1:27 am

Post by dreamkatana » Fri Apr 23, 2004 11:57 pm

joeedh wrote:
dreamkatana wrote:
alien-xmp wrote:Or I could just remove Blender's ability to load runtimes. :?
Hey Alien, that would be a great and easy solution. Nice Idea and we will not need personals keys anymore.

Could u propose this idea in the Testing Builds forum?



Thanks.
Um. . .would that be useful? Anyway who wanted to could simply download one the many, many older builds of Blender.

joeedh
Yes that would be useful, creating a new Testing Blender with this ability, to create an .exe file that this blender or any other version of blender can not open.

gabio
Posts: 0
Joined: Thu Jan 15, 2004 6:41 am
Location: Canada - Québec - Sherbrooke
Contact:

Post by gabio » Sat Apr 24, 2004 8:02 pm

ho don't be negative.
anyway, sooner or later we'l have to break compatibility, blender is always evolving...

but maybe a tool could be maybe to convert blender 2.2 file to 2.3...

kAinStein
Posts: 63
Joined: Wed Oct 16, 2002 3:08 pm

Post by kAinStein » Sun Apr 25, 2004 12:09 am

:roll: In my opinion this whole discussion is really getting pure nonsense. I don't remember who's already said it, but if you really want to encrypt the .blend that is packed along the executable then you've got to give a key along with it, too. So: Blender is Open Source, so the way the executable is generated is known, also where the key is. This means that anyone could extract the .blend and open it.
Removing the ability to open executables isn't a solution either. If you can save the file then anyone can put that feature back into Blender - even if it is only to his private build. So nothing is won with it!
As already said, too, you should concentrate more on copyright even or especially when you want to sell your work. An encrypted .blend doesn't even solve the more serious problem with software piracy.
And if you really, really want to protect the very, very important things you've done (by yourself) then you should license the Blender code (you've got this option - ask Ton), hire a coder (if you've got the money for licensing the code then you've got that money for sure) and make your own Blender with your own player that can encrypt things like you want.

Sorry for being harsh but this topic here is getting nowhere.

Rui

Statik
Posts: 0
Joined: Fri Apr 16, 2004 2:05 pm
Location: Nova Scotia Canada
Contact:

Post by Statik » Sun Apr 25, 2004 8:43 pm

In general, all you need to do is combat the 'casual' pirate. Anything can be cracked. Make it too hard to be cracked and it often costs the regular, LEGAL user too much. I'd say that if you can lock exe with a personal key, so that the casual user cannot open it, then that should be sufficient. PDFs, Flash, etc. all have the ability to 'lock' their files, but there are tools around that will crack those locks.

A simple function in Blender that allows you to enter a key that is then MD5 hashed to lock the file would probably suffice. The unlock routine would MD5 the input and compare the two. Even if the hacker could get the hash out of the file, he would have to write his own decryptor function becuase the input routine wouldn't take the hash, and you can't reverse an MD5 hash to get the password.

There are tons of ways around this, but, again, for the casual hacker/pirate, it would be sufficient

Statik

Apollux
Posts: 0
Joined: Sun Mar 02, 2003 4:27 am
Location: Santo Domingo, Dominican Republic

Post by Apollux » Mon Apr 26, 2004 2:47 am

pildanovak wrote:or maybe there are some utilities to recode .exe files on the net(?), so they are signed and cannot be decoded anymore. I've heard about such utils. that's usable for all kind of exe files, including blender. This wouldn't help the web plugin though
If there are such utilities then THERE IS THE SOLUTION, and it doesn't requiere to change a single line of code within Blender.

But still it is needed that Blender can generate stand-alone executables, otherwise what will you recode?

gabio
Posts: 0
Joined: Thu Jan 15, 2004 6:41 am
Location: Canada - Québec - Sherbrooke
Contact:

Post by gabio » Mon Apr 26, 2004 3:32 pm

kAinStein wrote::roll: In my opinion this whole discussion is really getting pure nonsense. I don't remember who's already said it, but if you really want to encrypt the .blend that is packed along the executable then you've got to give a key along with it, too. So: Blender is Open Source, so the way the executable is generated is known, also where the key is. This means that anyone could extract the .blend and open it.
Removing the ability to open executables isn't a solution either. If you can save the file then anyone can put that feature back into Blender - even if it is only to his private build. So nothing is won with it!
As already said, too, you should concentrate more on copyright even or especially when you want to sell your work. An encrypted .blend doesn't even solve the more serious problem with software piracy.
And if you really, really want to protect the very, very important things you've done (by yourself) then you should license the Blender code (you've got this option - ask Ton), hire a coder (if you've got the money for licensing the code then you've got that money for sure) and make your own Blender with your own player that can encrypt things like you want.

Sorry for being harsh but this topic here is getting nowhere.

Rui
Well before sayingt that this is nosense, you should understand how encrytion work. Actualy, private and public key are made to prevent anyone to crack it even if he got the source, because you have to get the key of the guy. no key = no read .

jm
Posts: 0
Joined: Mon Aug 25, 2003 11:31 am
Contact:

Post by jm » Mon Apr 26, 2004 4:42 pm

RE:kAinStein
ok I start this thread.

maybe I'll schould buy some normal commercial tool for my work.
it's a pity, because this is good tool.( I still don't understand why you don't care build up personal key.)

jm

SirDude
Posts: 233
Joined: Sun Oct 13, 2002 7:37 pm
Location: University of Minnesota (USA)
Contact:

Post by SirDude » Mon Apr 26, 2004 5:50 pm

The problem with it opensource is you basically have two options for encryption.

A. the blend is encrypted and to decrypt it you need a
password. So people would need a password to run it
and or edit it.

B. You disable editing of files with a special flag and maybe
put a password in the blend file that will enable editing.
The problem with this method is its very easy for
any programmer to come along and disable the check.

You could do a combination of A and B however you would still have the drawbacks. Would need a password to run it and would be trivial for a programmer to go in
and override the check to disable editing.)

kAinStein
Posts: 63
Joined: Wed Oct 16, 2002 3:08 pm

Post by kAinStein » Mon Apr 26, 2004 5:59 pm

gabio wrote: Well before sayingt that this is nosense, you should understand how encrytion work. Actualy, private and public key are made to prevent anyone to crack it even if he got the source, because you have to get the key of the guy. no key = no read .
You don't need to tell me how encryption works. Trust me, I know it well. But you don't get the point! The point is that the encryption routine is known (Blender GPL - you know?) and public. If you want now to run the encrypted content packed with the executable then you'll need the key (it doesn't matter if that is a symetric or asymetric algorithm). This means that you've got two possibilities: Give the (public) key along with the executable or give it to the user's hands to decrypt it everytime he/she wants to run the game (for example a dialog asking for the key (file)).
So, you've got the Blender source code (I'm talking about the free GPLed code - you can still buy a commercial license of the source and make a closed source version), you know how the files are encrypted and which code is used for encryption/decryption. Then you've got the key. Now tell me please where the extra security is?! In the end anyone can load and edit the .blend in Blender - encrypted or not! This discussion _is_ nonsense... :roll:

Rui

gorgan_almighty
Posts: 41
Joined: Wed Oct 16, 2002 12:26 pm
Location: Kent, UK

Post by gorgan_almighty » Mon Apr 26, 2004 6:05 pm

alien-xmp wrote:Or I could just remove Blender's ability to load runtimes. :?
Thats a nice idea alien-amp but it wont work because blender is backwards compatible. All someone would need to do is open the exe in 2.25 and save it as a blend file. :(

We could create a seperate file format which only the blenderplayer can open, but because its opensource all some1 would have to do is take the loader code from blenderplayer, put it into blender and re-compile. :?

Keith. 8)
Last edited by gorgan_almighty on Mon Apr 26, 2004 6:08 pm, edited 1 time in total.

kAinStein
Posts: 63
Joined: Wed Oct 16, 2002 3:08 pm

Post by kAinStein » Mon Apr 26, 2004 6:06 pm

jm wrote:RE:kAinStein
ok I start this thread.

maybe I'll schould buy some normal commercial tool for my work.
it's a pity, because this is good tool.( I still don't understand why you don't care build up personal key.)

jm
Because there is no solution for it that really works as you would like it to work.

kAinStein
Posts: 63
Joined: Wed Oct 16, 2002 3:08 pm

Post by kAinStein » Mon Apr 26, 2004 6:31 pm

gorgan_almighty wrote: We could create a seperate file format which only the blenderplayer can open, but because its opensource all some1 would have to do is take the loader code from blenderplayer, put it into blender and re-compile. :?

Keith. 8)
Yep, that's the whole point. It just the same thing with encryption.

Honestly, it won't work. As it was mentioned before several times, ppl should concentrate on copyrights. Perhaps signing a file would make sense for several reasons (security regarding trojans, securing the copyrights, etc.). Encrypting the whole thing wouldn't be a good way to ensure that the work isn't copied illegally, either. That should be the main point if you're selling your work, isn't it? And asking a user each time to enter a key/password/whatever each time the game is run is not the way you should treat your customers...

Rui

Post Reply